.

What is the role of grey hat hacktivism groups in the security world?

<<

jsm725

User avatar

Newbie
Newbie

Posts: 36

Joined: Mon Mar 22, 2010 5:13 pm

Post Wed Jun 15, 2011 12:46 pm

What is the role of grey hat hacktivism groups in the security world?

With groups like Wiki-leaks, Anonymous and LulzSec popping up in the news almost everyday, I wanted to get a feel from the ethical hacking community on what we see as their role. Do they help? Do they hurt?

On one hand they help me sell work. My clients see this stuff on the news and might decide to get serious about stuff I have been pitching. They are forcing companies to deal with security issues.

On the other hand, what they are doing is illegal and might make people who don't understand the nuances between white, grey and black hat hacking turn against us altogether. If I start getting FBI agents knocking on my lab door because I am running a legitimate external scans on a range of client IP's, my prices are going up.

What do you think eh-net?
CISSP, PCI-QSA, OSWP
<<

AndyB67

User avatar

Full Member
Full Member

Posts: 100

Joined: Fri Jan 14, 2011 7:13 am

Location: UK

Post Wed Jun 15, 2011 2:11 pm

Re: What is the role of grey hat hacktivism groups in the security world?

Too many of the companies out there seem to be playing loose with security and our data.  Ok, the software they are using in most cases is flawed but there's no reason not to have a robust patching and security policy in place to minimize the risks.

I give regular briefs to the users in the company I work for (as an information manager) stressing about the need for data protection, good password policy and the rest of the good stuff that they should do.  I've had a user come up to me after one brief and ask if it was possible to bypass/remove the encryption on his works laptop as it made it 'run slower'!!

All the high profile hacks going on at the moment and things like the bigger fines that the Information Commissioner is slapping on data protection breaches in the UK is giving me good ammo when I go out and preach to the unwashed masses
Net+ Sec+ More to come
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Jun 15, 2011 3:17 pm

Re: What is the role of grey hat hacktivism groups in the security world?

While I don't condone their activities, I think it's great for business like you said above. It is hard enough to get people to pay attention to security but with major headlines, your clients begin to listen. I find it highly entertaining as well to watch this stuff unfold.
<<

jsm725

User avatar

Newbie
Newbie

Posts: 36

Joined: Mon Mar 22, 2010 5:13 pm

Post Wed Jun 15, 2011 4:34 pm

Re: What is the role of grey hat hacktivism groups in the security world?

*disclaimer* Although the attacks are illegal and break the "ethical grey hat" rules of no disclosure.../*disclaimer*

When you preach this is an imminent risk, you need to be prepared, for God's sake please listen to me and then those risks are realized, it does make you feel a little better.
CISSP, PCI-QSA, OSWP
<<

jsm725

User avatar

Newbie
Newbie

Posts: 36

Joined: Mon Mar 22, 2010 5:13 pm

Post Wed Jun 15, 2011 8:13 pm

Re: What is the role of grey hat hacktivism groups in the security world?

Another thing to consider...will these type of attacks tilt public opinion to favor a governmental crack down on our currently unregulated and uncensored open internet?
CISSP, PCI-QSA, OSWP

Return to Ethical Hacktivism

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software